Change guest permissions to full after verification (https://github.com/woocommerce/woocommerce-blocks/pull/12072)

This commit is contained in:
Mike Jolley 2023-12-07 14:41:12 +00:00 committed by GitHub
parent ba9760baa3
commit 45ae286a10
12 changed files with 98 additions and 126 deletions


@ -67,10 +67,10 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
* This renders the content of the block within the wrapper. The permission determines what data can be shown under * This renders the content of the block within the wrapper. The permission determines what data can be shown under
* the given context. * the given context.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
abstract protected function render_content( $order, $permission = false, $attributes = [], $content = '' ); abstract protected function render_content( $order, $permission = false, $attributes = [], $content = '' );
@ -103,13 +103,8 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
/** /**
* View mode for order details based on the order, current user, and settings. * View mode for order details based on the order, current user, and settings.
* *
* Possible values are:
* - "full" user can view all order details.
* - "limited" user can view some order details, but no PII. This may happen for example, if the user checked out as a guest.
* - false user cannot view order details.
*
* @param \WC_Order|null $order Order object. * @param \WC_Order|null $order Order object.
* @return "full"|"limited"|false * @return string|false Returns "full" if the user can view all order details. False if they can view no details.
*/ */
protected function get_view_order_permissions( $order ) { protected function get_view_order_permissions( $order ) {
if ( ! $order || ! $this->has_valid_order_key( $order ) ) { if ( ! $order || ! $this->has_valid_order_key( $order ) ) {
@ -121,8 +116,8 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
return $this->is_current_customer_order( $order ) ? 'full' : false; return $this->is_current_customer_order( $order ) ? 'full' : false;
} }
// Guest orders are displayed with limited information. // Guest orders are displayed only within the grace period or after verification. If email verification is required, return false.
return $this->email_verification_required( $order ) ? false : 'limited'; return $this->email_verification_required( $order ) ? false : 'full';
} }
/** /**
@ -146,17 +141,12 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
} }
/** /**
* See if we need to verify the email address before showing the order details. * See if the order was created within the grace period for viewing details.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @return boolean * @return boolean
*/ */
protected function email_verification_required( $order ) { protected function is_within_grace_period( $order ) {
// Skip verification if the current user still has the order in their session.
if ( $order->get_id() === wc()->session->get( 'store_api_draft_order' ) ) {
return false;
}
/** /**
* Controls the grace period within which we do not require any sort of email verification step before rendering * Controls the grace period within which we do not require any sort of email verification step before rendering
* the 'order received' or 'order pay' pages. * the 'order received' or 'order pay' pages.
@ -170,36 +160,47 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
$verification_grace_period = (int) apply_filters( 'woocommerce_order_email_verification_grace_period', 10 * MINUTE_IN_SECONDS, $order, 'order-received' ); $verification_grace_period = (int) apply_filters( 'woocommerce_order_email_verification_grace_period', 10 * MINUTE_IN_SECONDS, $order, 'order-received' );
$date_created = $order->get_date_created(); $date_created = $order->get_date_created();
// We do not need to verify the email address if we are within the grace period immediately following order creation. return is_a( $date_created, \WC_DateTime::class ) && time() - $date_created->getTimestamp() <= $verification_grace_period;
if ( is_a( $date_created, \WC_DateTime::class ) && time() - $date_created->getTimestamp() <= $verification_grace_period ) { }
return false;
}
$session = wc()->session;
$session_email = '';
$session_order = 0;
if ( is_a( $session, \WC_Session::class ) ) {
$customer = $session->get( 'customer' );
$session_email = is_array( $customer ) && isset( $customer['email'] ) ? sanitize_email( $customer['email'] ) : '';
$session_order = (int) $session->get( 'store_api_draft_order' );
}
// We do not need to verify the email address if the user still has the order in session.
if ( $order->get_id() === $session_order ) {
return false;
}
/**
* Returns true if the email has been verified (posted email matches given order email).
*
* @param \WC_Order $order Order object.
* @return boolean
*/
protected function is_email_verified( $order ) {
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
if ( ! empty( $_POST ) && ! wp_verify_nonce( $_POST['check_submission'] ?? '', 'wc_verify_email' ) ) { if ( empty( $_POST ) || ! isset( $_POST['email'] ) || ! wp_verify_nonce( $_POST['check_submission'] ?? '', 'wc_verify_email' ) ) {
return true; return false;
} }
$session_email_match = $session_email === $order->get_billing_email(); return $order->get_billing_email() && sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ) === $order->get_billing_email();
$supplied_email_match = isset( $_POST['email'] ) && sanitize_email( wp_unslash( $_POST['email'] ) ?? '' ) === $order->get_billing_email(); }
// If we cannot match the order with the current user, the user should verify their email address. /**
$email_verification_required = ! $session_email_match && ! $supplied_email_match; * See if we need to verify the email address before showing the order details.
*
* @param \WC_Order $order Order object.
* @return boolean
*/
protected function email_verification_required( $order ) {
$session = wc()->session;
// Skip verification if the current user still has the order in their session.
if ( is_a( $session, \WC_Session::class ) && $order->get_id() === (int) $session->get( 'store_api_draft_order' ) ) {
return false;
}
// Skip verification if the order was created within the grace period.
if ( $this->is_within_grace_period( $order ) ) {
return false;
}
// If the user verified their email address, we can skip further verification.
if ( $this->is_email_verified( $order ) ) {
return false;
}
/** /**
* Provides an opportunity to override the (potential) requirement for shoppers to verify their email address * Provides an opportunity to override the (potential) requirement for shoppers to verify their email address
@ -211,7 +212,7 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
* @param WC_Order $order The relevant order. * @param WC_Order $order The relevant order.
* @param string $context The context under which we are performing this check. * @param string $context The context under which we are performing this check.
*/ */
return (bool) apply_filters( 'woocommerce_order_email_verification_required', $email_verification_required, $order, 'order-received' ); return (bool) apply_filters( 'woocommerce_order_email_verification_required', true, $order, 'order-received' );
} }
/** /**
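Review bot: The `woocommerce_order_email_verification_required` filter is now applied with a literal `true` and only after the session, grace-period and verified-email checks have each returned early, so it can relax the requirement but can no longer impose one; the docblock above it still describes "an opportunity to override the (potential) requirement", which a site that wants to force verification will read as working in both directions. Suggest adding to that docblock: `* Only applied when verification would otherwise be required; it cannot force verification once the session, grace period or a matching posted email has cleared it. Use woocommerce_order_email_verification_grace_period to shorten the window instead.` Relatedly, get_view_order_permissions now returns 'full' for a guest holding a valid order key inside the grace period, so billing address, email and payment method become visible on the key alone during that window; the new `@return` line could state that explicitly rather than only "if the user can view all order details". In is_email_verified, `$_POST['email'] ?? ''` is redundant after the `isset` guard on the preceding line and could be `$_POST['email']`. email_verification_required is split across the last two hunks of this section and its signature sits outside the final one.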


@ -17,10 +17,10 @@ class AdditionalInformation extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the block within the wrapper. * This renders the content of the block within the wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {


@ -17,14 +17,14 @@ class BillingAddress extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the block within the wrapper. * This renders the content of the block within the wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
if ( 'full' !== $permission || ! $order->has_billing_address() ) { if ( ! $permission || ! $order->has_billing_address() ) {
return ''; return '';
} }


@ -17,13 +17,13 @@ class BillingWrapper extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the billing wrapper. * This renders the content of the billing wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
if ( ! $order || ! $order->has_billing_address() || 'full' !== $permission ) { if ( ! $order || ! $order->has_billing_address() || ! $permission ) {
return ''; return '';
} }
return $content; return $content;


@ -19,10 +19,10 @@ class Downloads extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the block within the wrapper. * This renders the content of the block within the wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {


@ -62,10 +62,10 @@ class DownloadsWrapper extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the downloads wrapper. * This renders the content of the downloads wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
$show_downloads = $order && $order->has_downloadable_item() && $order->is_download_permitted(); $show_downloads = $order && $order->has_downloadable_item() && $order->is_download_permitted();


@ -17,10 +17,10 @@ class ShippingAddress extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the block within the wrapper. * This renders the content of the block within the wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
@ -28,32 +28,9 @@ class ShippingAddress extends AbstractOrderConfirmationBlock {
return $this->render_content_fallback(); return $this->render_content_fallback();
} }
if ( 'full' === $permission ) { $address = '<address>' . wp_kses_post( $order->get_formatted_shipping_address() ) . '</address>';
$address = '<address>' . wp_kses_post( $order->get_formatted_shipping_address() ) . '</address>'; $phone = $order->get_shipping_phone() ? '<p class="woocommerce-customer-details--phone">' . esc_html( $order->get_shipping_phone() ) . '</p>' : '';
$phone = $order->get_shipping_phone() ? '<p class="woocommerce-customer-details--phone">' . esc_html( $order->get_shipping_phone() ) . '</p>' : '';
return $address . $phone; return $address . $phone;
}
$states = wc()->countries->get_states( $order->get_shipping_country() );
$address = esc_html(
sprintf(
/* translators: %s location. */
__( 'Shipping to %s', 'woo-gutenberg-products-block' ),
implode(
', ',
array_filter(
[
$order->get_shipping_postcode(),
$order->get_shipping_city(),
$states[ $order->get_shipping_state() ] ?? $order->get_shipping_state(),
wc()->countries->countries[ $order->get_shipping_country() ] ?? $order->get_shipping_country(),
]
)
)
)
);
return '<address>' . wp_kses_post( $address ) . '</address>';
} }
} }


@ -17,10 +17,10 @@ class ShippingWrapper extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the shipping wrapper. * This renders the content of the shipping wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
if ( ! $order || ! $order->has_shipping_address() || ! $order->needs_shipping_address() || ! $permission ) { if ( ! $order || ! $order->has_shipping_address() || ! $order->needs_shipping_address() || ! $permission ) {


@ -52,10 +52,10 @@ class Status extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the block within the wrapper. * This renders the content of the block within the wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
@ -106,11 +106,7 @@ class Status extends AbstractOrderConfirmationBlock {
case 'failed': case 'failed':
// phpcs:ignore WooCommerce.Commenting.CommentHooks.MissingHookComment // phpcs:ignore WooCommerce.Commenting.CommentHooks.MissingHookComment
$order_received_text = apply_filters( 'woocommerce_thankyou_order_received_text', esc_html__( 'Your order cannot be processed as the originating bank/merchant has declined your transaction. Please attempt your purchase again.', 'woo-gutenberg-products-block' ), null ); $order_received_text = apply_filters( 'woocommerce_thankyou_order_received_text', esc_html__( 'Your order cannot be processed as the originating bank/merchant has declined your transaction. Please attempt your purchase again.', 'woo-gutenberg-products-block' ), null );
$actions = ''; $actions = '<a href="' . esc_url( $order->get_checkout_payment_url() ) . '" class="button">' . esc_html__( 'Try again', 'woo-gutenberg-products-block' ) . '</a> ';
if ( 'full' === $permission ) {
$actions .= '<a href="' . esc_url( $order->get_checkout_payment_url() ) . '" class="button">' . esc_html__( 'Try again', 'woo-gutenberg-products-block' ) . '</a> ';
}
if ( wc_get_page_permalink( 'myaccount' ) ) { if ( wc_get_page_permalink( 'myaccount' ) ) {
$actions .= '<a href="' . esc_url( wc_get_page_permalink( 'myaccount' ) ) . '" class="button">' . esc_html__( 'My account', 'woo-gutenberg-products-block' ) . '</a> '; $actions .= '<a href="' . esc_url( wc_get_page_permalink( 'myaccount' ) ) . '" class="button">' . esc_html__( 'My account', 'woo-gutenberg-products-block' ) . '</a> ';


@ -17,10 +17,10 @@ class Summary extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the block within the wrapper. * This renders the content of the block within the wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
@ -32,10 +32,8 @@ class Summary extends AbstractOrderConfirmationBlock {
$content .= $this->render_summary_row( __( 'Order number:', 'woo-gutenberg-products-block' ), $order->get_order_number() ); $content .= $this->render_summary_row( __( 'Order number:', 'woo-gutenberg-products-block' ), $order->get_order_number() );
$content .= $this->render_summary_row( __( 'Date:', 'woo-gutenberg-products-block' ), wc_format_datetime( $order->get_date_created() ) ); $content .= $this->render_summary_row( __( 'Date:', 'woo-gutenberg-products-block' ), wc_format_datetime( $order->get_date_created() ) );
$content .= $this->render_summary_row( __( 'Total:', 'woo-gutenberg-products-block' ), $order->get_formatted_order_total() ); $content .= $this->render_summary_row( __( 'Total:', 'woo-gutenberg-products-block' ), $order->get_formatted_order_total() );
if ( 'full' === $permission ) { $content .= $this->render_summary_row( __( 'Email:', 'woo-gutenberg-products-block' ), $order->get_billing_email() );
$content .= $this->render_summary_row( __( 'Email:', 'woo-gutenberg-products-block' ), $order->get_billing_email() ); $content .= $this->render_summary_row( __( 'Payment method:', 'woo-gutenberg-products-block' ), $order->get_payment_method_title() );
$content .= $this->render_summary_row( __( 'Payment method:', 'woo-gutenberg-products-block' ), $order->get_payment_method_title() );
}
$content .= '</ul>'; $content .= '</ul>';
return $content; return $content;


@ -19,10 +19,10 @@ class Totals extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the block within the wrapper. * This renders the content of the block within the wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
* @return string * @return string
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {


@ -17,10 +17,10 @@ class TotalsWrapper extends AbstractOrderConfirmationBlock {
/** /**
* This renders the content of the totals wrapper. * This renders the content of the totals wrapper.
* *
* @param \WC_Order $order Order object. * @param \WC_Order $order Order object.
* @param string $permission Permission level for viewing order details. * @param string|false $permission If the current user can view the order details or not.
* @param array $attributes Block attributes. * @param array $attributes Block attributes.
* @param string $content Original block content. * @param string $content Original block content.
*/ */
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) { protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
if ( ! $permission ) { if ( ! $permission ) {